Configure user permissions

Mikhail Serov

ADCM role model is designed for configuring user permissions via policies. As a result of a policy being applied the user has access only to the actions and ADCM objects that are included in that policy.

The ADCM offers a few ready-made user roles (sets of rules). You also can create your own roles in order to get the most suitable roles for your tasks.

You can find a few user permissions configuring examples below.

Configure cluster administrator permissions

Let there exist two ADCM clusters named ADH and ADH Prod. Let there also exist an ADCM user named user, who belongs to the group 1 group and is not an administrator of any cluster. Create the policy that allows the user to obtain cluster administrator permissions for the ADH cluster.

Enter the policy name (user ADH), select the Cluster Administrator role, and the group 1 group.

The first step of creating a policy for the user
The first step of creating a policy for the user

Select the ADH cluster.

The second step of creating a policy for the user
The second step of creating a policy for the user

Apply the policy by clicking Create.

After the policy is applied, the user is able to see only the ADH cluster in the Clusters section. The user also has the cluster administrator permissions for the ADH cluster.

Clusters section as seen by the user
Clusters section as seen by the user

Let there exist an ADCM user named another_user, who belongs to the group 2 group and is also not an administrator of any cluster. Make that user the ADH Prod cluster administrator via the actions similar to the actions above. After the policy is applied, the another_user is able to see only the ADH Prod cluster in the Clusters section. The another_user also has the cluster administrator permissions for the ADH Prod cluster.

Clusters section as seen by another_user
Clusters section as seen by another_user

The ADCM administrator is able to view all clusters in the system.

Clusters section as seen by the ADCM administrator
Clusters section as seen by the ADCM administrator

Configure service administrator permissions

Let there exist an ADCM cluster named ADH Prod that has the HDFS service among its services. Let there also exist an ADCM user named user, who belongs to the group 1 group and is not an administrator of any service. Create the policy that allows the user to obtain service administrator permissions for the HDFS service in the ADH Prod cluster.

Enter the policy name (user ADH Prod HDFS), select the Service Administrator role, and the group 1 group.

The first step of creating a policy for the user
The first step of creating a policy for the user

Select the HDFS service in the ADH Prod cluster.

The second step of creating a policy for the user
The second step of creating a policy for the user

Apply the policy by clicking Create.

After the policy is applied, the user is able to see only the HDFS service at the Services subsection of the ADH Prod cluster. The user also has the service administrator permissions for the HDFS service.

Services subsection as seen by the user
Services subsection as seen by the user

The ADCM administrator is able to view all services of the ADH Prod cluster.

Services subsection as seen by the ADCM administrator
Services subsection as seen by the ADCM administrator

Configure read-only permissions

The ADCM User role allows the user to view ADCM objects along with their configurations and components, yet doesn’t allow the user to make any edits. This mode is, in fact, a read-only mode. The ADCM User role is available when creating policies likewise in the same way as above.

Found a mistake? Seleсt text and press Ctrl+Enter to report it